package com.bolinfest.editor;

import javax.servlet.http.HttpServletRequest;

/**
 *
 * @author bolinfest@gmail.com (Michael Bolin)
 */
final class XsrfUtil {

  /** Name of the custom request header that {@link #checkNotXsrf} looks for. */
  private static final String XSRF_HEADER_NAME = "no-xsrf";

  /** The only value of that header which {@link #checkNotXsrf} accepts. */
  private static final String XSRF_HEADER_EXPECTED = "1";

  /**
   * Signals that a request failed the anti-XSRF header check.
   *
   * <p>The exception message is the request URI as returned by
   * {@link HttpServletRequest#getRequestURI()}. That text comes from the client, so treat it as
   * untrusted wherever it is logged or rendered.
   *
   * <p>The constructor is private: only {@link XsrfUtil} creates instances.
   */
  static final class XsrfAttackException extends RuntimeException {

    private static final long serialVersionUID = 1L;

    private XsrfAttackException(HttpServletRequest req) {
      super(req.getRequestURI());
    }
  }

  /** Utility class: do not instantiate. */
  private XsrfUtil() {}

  /**
   * Rejects the request unless it carries the header {@code no-xsrf} with the exact value
   * {@code 1}. A request without the header is rejected as well, because {@code getHeader}
   * returns {@code null} in that case.
   *
   * <p>The accepted value is a fixed constant, not a per-session secret, so this check does not
   * authenticate the sender. It works only as a custom-request-header defence: a plain
   * cross-site form post cannot attach the header, and a scripted cross-origin request that sets
   * it needs a CORS preflight first.
   *
   * <p>NOTE(review): that protection holds only while the server's CORS policy does not allow
   * this header for untrusted origins. Confirm against the deployment's CORS configuration.
   *
   * <p>The HTTP method is not inspected here; which handlers call this check is decided by the
   * callers.
   *
   * @param req the incoming request whose headers are inspected
   * @throws XsrfAttackException if the header is missing or has any value other than {@code 1}.
   *     The exception is unchecked. NOTE(review): how it is turned into an HTTP error response is
   *     not visible in this file; verify that it ends in a rejection and not a default error page
   *     that echoes the URI.
   */
  static void checkNotXsrf(HttpServletRequest req) {
    String headerValue = req.getHeader(XSRF_HEADER_NAME);
    boolean hasExpectedHeader = XSRF_HEADER_EXPECTED.equals(headerValue);
    if (hasExpectedHeader) {
      return;
    }
    throw new XsrfAttackException(req);
  }
}
